News


From the editor's desk: The Internet of Bricks

17 May 2017 News

You’d be hard pressed to get through more than a few pages of this magazine without coming across the term IoT (Internet of Things), particularly as this particular issue features telecommunications and wireless technologies. As those of us in the electronics industry know, it’s nothing new for Things to be connected to the Internet, but then the marketing types went and latched onto the phrase as an engine to power a shiny new hype machine. What they’ve really done though is fashion a weapon to bludgeon the man in the street senseless, as there is still mass confusion about what exactly the IoT is, and what the implications are: Are there two separate Internets for People and for Things? Do I need a different service provider to access the Internet of Things than the regular Internet? If only it were that easy.

The history of the Internet is littered with examples of why people need to be cognisant of their cybersecurity, and the dangers of not being vigilant when using anything from a smartphone in the mall to a desktop computer in the office. While most of us have certainly become more savvy in this regard, breaches still occur daily, and the point was rammed home to the IoT market recently when a new malware called BrickerBot started doing the rounds.

BrickerBot is not the first or the only such threat to have been unleashed – it follows in the footsteps of the Mirai botnet that used Distributed Denial of Service (DDoS) attacks to crash a number of networks last year. In Mirai’s case, the problem could typically be solved by rebooting the device in question (remote cameras and home routers were apparently its main targets) and immediately changing its login password. The hacker behind BrickerBot, who goes by the name The Janit0r, created it to be a far nastier beastie. It scans the web for devices using a default password and proceeds to wipe their memory, corrupt their storage, and disconnect them from the Internet, essentially rendering them as useless as a brick, hence its name.

With so many Internet-connected things nowadays, ranging from computers and smartphones to fridges and light bulbs, BrickerBot has no shortage of potential targets, and it has grown progressively more virulent. Version 1 attacked close to 2000 devices in its first four days, while version 3 took only 24 hours to achieve nearly 1400 infections. A fourth version has now been spotted in the wild, and only time will tell how aggressive it will prove to be. It’s one thing for a consumer gadget to be bricked, but imagine how much more costly the implications could be for a bank, or any business for that matter. In the case of something like an oil refinery or airport the consequences are potentially lethal.

In no way do I condone what amounts to Internet vigilantism, but I hope such attacks will prove to be the wake-up call the industry needs to take the problem more seriously. As a most basic measure, any device with an Internet interface could ship with such interface disabled until such time as the user activates it by registering the device with its manufacturer, similar to the way Microsoft handles Windows activations.

It could be made a prerequisite for activation that the password be changed to something that meets strict complexity criteria. Inconvenient? Certainly. Expensive for device manufacturers to implement and administer? Undoubtedly. Perhaps there’s even some reason I haven’t thought of that would make it totally unfeasible. Surely if some clever people out there put their minds to it they could come up with a more elegant solution, but anything would be better than the haphazard way IoT security has been treated up until now.

The virtual wall that protects the IoT from the trolls prowling outside is only as steadfast as the security that holds it together. A wall, without strong mortar, is nothing but a neat pile of bricks.

Brett van den Bosch

Editor



Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Revamped technical training centre in Welkom
News
Resolution Circle has announced the launch of its newly revamped training centre in Welkom, which will enhance technical education and foster industry partnerships.

Read more...
E-mobility: Navigate safety, interoperability and conformance
Concilium Technologies News
In this whitepaper, these challenges are discussed in more detail and the question is asked: How can EV and EVSE manufacturers navigate a complex regulatory landscape and deliver a quality product, without compromising time-to-market projections?

Read more...
Navigating South Africa’s transition from the NQF to OQSF framework
News
South Africa is at a crossroads of a significant educational and vocational transition, as it shifts from the National Qualifications Framework (NQF) to the Occupational Qualifications Sub Framework (OQSF) managed by the Quality Council for Trades and Occupations.

Read more...
Practical insights: Draft regulations on proposed sectoral targets
News
On 1 February 2024, the Minister of Employment and Labour issued new draft regulations concerning sectoral targets (draft regulations), providing a 90-day window for interested parties to comment.

Read more...
Top skills needed in microelectronics industry
News
The EU funded project MicroElectronics Training, Industry and Skills (METIS), which began in 2019, has officially concluded, and with this, SEMI Europe has published the final Yearly Monitoring Report.

Read more...
RS expands its professional lineup
RS South Africa News
RS PRO offers a wide range of high-quality electronics components, to meet a range of needs, from industrial connectors and passives to the latest test and measurement equipment.

Read more...
Alternative energy resource hub
News
Mouser Electronics is providing engineers with key information to solve today’s design challenges through its dedicated alternative energy resource centre.

Read more...
NECTO Studio 6.0 brings circuits to life
News
MIKROE has added increased graphical functionality and Clang support for ARM and RISC-V to its cross-platform IDE for embedded applications.

Read more...
Microchip earns certification in vehicle cybersecurity
Altron Arrow News
Microchip Technology’s corporate processes associated with specific automotive work products have recently been audited by a third party, UL Solutions, and certified as compliant to ISO/SAE 21434.

Read more...
From the editor's desk: A scourge on education
Technews Publishing News
The current government has done very little to curb the rampant affect that loadshedding has had on education in the last 10 years.

Read more...